package com.demo.security.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import java.util.Enumeration;

/**
 * TestController
 *
 * @author chenyang
 * @date 2020/10/9
 */
@RestController
public class TestController {

    @PreAuthorize("hasAuthority('test')")
    @GetMapping("test")
    public String test() {
        return "test";
    }

    @PreAuthorize("hasAuthority('admin')")
    @GetMapping("admin")
    public String admin() {
        return "admin";
    }

//    @PostAuthorize("returnObject==1")
    @PreAuthorize("@auth.hasAuthority('sys:user:admin')")
    @GetMapping("auth")
    public String auth(HttpServletRequest request) {
        Enumeration<String> attributeNames = request.getSession().getAttributeNames();


		while (attributeNames.hasMoreElements()) {
			String string = (String) attributeNames.nextElement();
			System.out.println(string);
			System.out.println(request.getSession().getAttribute(string));

		}

        SecurityContext attribute = (SecurityContext)request.getSession().getAttribute("SPRING_SECURITY_CONTEXT");
        System.out.println(attribute.getAuthentication().getAuthorities());
        return "auth";
    }


}
